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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ■ 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to communication(s) filed on 27 February 2004 . 
2a)\3 This action is FINAL. 2b)^ This action is non-final. 

3) \3 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-22 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 7-22 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) O The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 0 Certified copies of the priority documents have been received. 

2.D Certified copies of the priority documents have been received in Application No. . 



3.D Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1-7, 9-20 and 22, are rejected under 35 U.S.C. 102(b) as being clearly 
anticipated by Dolan et al., U.S. Pat. No. 5,604,801, hereinafter '801. 

3. As per claims 1-7, 9-20 and 22, '801 teach a public key data communications 
system (fig. 1 ) under the control of a portable security device/computer (1 1 0) 
comprising: a method for facilitating re-authentication (abs., figs. 7 and 10) of a user 
using a client computer/work station (110), via a server computer (130), a memory (350, 
370), a key generator, destroyer, encryptor, and decryptor (figs. 2, fig. 3 and 5, [360], 
fig. 4a-4b, 6a-6b), establishing a first communication/transmission/session/ message/ 
initialization of communications (fig. 10), generating a key/ variant key (col. 3, lines 4 et 
seq., 754, col. 9, lines 45 et seq.), receiving and encrypting confidential 
information/password/pin (figs. 4a-b and 5, col. 6, lines 57 et seq., and col. 7, lines 30 
et seq.), storing said encrypted confidential information on the server (figs. 3 and 5 
[350], col. 6, lines 35 et seq. and col. 7, lines 1 et seq.), transmitting and deleting the 
key (col. 7, lines 1-10 et seq.), creating an identifier and storing the identifier (fig. 7 and 
9-10, col. 6, lines 47 et seq., col. 8, lines 39 et seq., and col. 9, lines 30 et seq.), 
performing an exclusive "or" operations (fig. 5, 7, 10, col. 7, lines 31 et seq., col. 8, lines 
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45 et seq., col. 9, lines 45 et seq.), a data base (350, col. 6, lines 35 et seq.), 
establishing a second session..., receiving the key.., using the key to decrypt 
confidential information... and storing... (figs. 4b-6b, col. 6, lines 45 et seq., and col. 7- 
8, and col. 9, lines 34 et seq.,), receiving... and using the identifier... (col. 8, lines 60 et 
seq., and col. 9, lines 1-65), creating a second key... and identifier..., encrypting with 
the second key,.., storing the encrypted information..., transmitting the second key..., 
and deleting said key... (col. 4, lines 20 et seq., and col. 7, lines 60-col. 10 et seq., figs. 
3-7, 9-1 1 ), a pointer/label/reference (col. 9, lines 1-5 et seq.). '801 teach that a one- 
time session may be utilized, upon termination/completion of the first session, where 
each session/message is being defined as the time during which an interactive program 
accepts input and processes information. Here, specifically, a new session is being 
conducted each time the previous session is completed, meaning that a new message 
that is to be sent to the server is the initiation of a new session/message. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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5. Claims 8 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Dolan et al. '801 , as applied to claims 1-2 above, and further in view of Alegre et al., 
U.S. Pat. No. 6, 199,113, hereinafter '1 13. 

6. As to claim 8, '801 do not explicitly teach the use of a time limit upon the 
encrypted confidential information. He does however, teach that session keys are only 
good for a single transaction and then they are modified for the next session/message. 
Additionally, he teaches, the use of an on-line system management device wherein 
access control for the encryption keys or users rights to access maybe managed by 
rescinding or deleting the keys/users in the servers' database (col. 7, lines 13-20 et 
seq., and col. 8, lines 30 et seq.). '113 explicitly teach a time limit upon access data 
and in particularly session keys used to gain access to services (col. 4, lines 35 et seq.). 
It would have been obvious to one of ordinary skill in the art at the time of the invention, 
to augment the data processing network of '801 with the key management type of 
system, program or routine utilized in '1 13 to set the expiration period for the 
authentication data. One of ordinary skill in the art would have been motivated to 
perform such a modification because, a skilled artisan would have realized that having 
credentials that are valid for an indefinite period of time leaves a system open and 
vulnerable for attack. A person interested in securing a network that is utilizing 
cryptographic technologies and in particular session keys (those utilized for a limited 
period), would have a keen interest in managing the time limit that the credential based 
upon a session key are valid. Therefore, a person of ordinary skill in the art would have 
looked to a time management technique/criteria such as the one disclosed by '11 3 (col. 
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6. lines 25-43 et seq.) as a means of managing and rescinding a users credentials or 
authentication authority. 

7. As to claim 21 , it distinguishes over rejected claims 1-20 and 22, by reciting that 
the encrypted information is stored in a table format. The examiner takes official notice 
of both the modification and motivation necessary for data to be stored in a tabular 
format. It would have been obvious to one of ordinary skill in the art at the time of the 
invention, to further augment the data processing network of '801 by storing the data in 
table format. A person of ordinary skill would have readily realized that the format of 
storing data in a tabular form is a convention that is readily used for associating data in 
a user-friendly format. Additionally, it is frequently used to associate data and other 
attributes as a means of grouping data into convenient form for data storage and 
retrieval, as such it is a matter of preference as to how the data is stored. 

Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Norman Wright whose telephone number is (751) 272- 
3844. The examiner can normally be reached on Mondays - Thursdays from 9am to 
4pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Greg Morse, can be reached on (571) 272-3838. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). _^~\ 
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